CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2021-27889 – MyBB 1.8.25 - Chained Remote Command Execution
https://notcve.org/view.php?id=CVE-2021-27889
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en MyBB versiones anteriores a 1.8.26 a través de Nested Auto URL cuando se analizan los mensajes • https://www.exploit-db.com/exploits/49696 http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html https://blog.sonarsource.com/mybb-remote-code-execution-chain https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-27279
https://notcve.org/view.php?id=CVE-2021-27279
MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode). MyBB versiones anteriores a 1.8.25, permite un ataque de tipo XSS almacenado por medio de etiquetas [correo electrónico] anidadas con MyCode (también se conoce como BBCode) • https://github.com/mybb/mybb/commit/cb781b49116bf5c4d8deca3e17498122b701677a https://github.com/mybb/mybb/security/advisories/GHSA-6483-hcpp-p75w https://mybb.com/versions/1.8.25 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15139 – XSS in MyBB
https://notcve.org/view.php?id=CVE-2020-15139
In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. After upgrading MyBB to 1.8.24, make sure to update the version attribute in the `codebuttons` template for non-default themes to serve the latest version of the patched `jscripts/bbcodes_sceditor.js` file. En MyBB anterior a la versión 1.8.24, el MyCode (BBCode) personalizado para el editor visual no escapa la entrada correctamente cuando renderiza HTML, lo que genera una vulnerabilidad de tipo XSS basada en DOM. • https://github.com/mybb/mybb/commit/37ad29dcd25489a37bdd89ebac761f22492558b0 https://github.com/mybb/mybb/security/advisories/GHSA-37h7-vfv6-f8rj https://mybb.com/versions/1.8.24 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20225
https://notcve.org/view.php?id=CVE-2019-20225
MyBB before 1.8.22 allows an open redirect on login. MyBB versiones anteriores a la versión 1.8.22, permite un redireccionamiento abierto sobre el inicio de sesión. • https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release https://mybb.com/versions/1.8.22 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12831
https://notcve.org/view.php?id=CVE-2019-12831
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE. En MyBB anterior a versión 1.8.21, un atacante puede abusar de un comportamiento por defecto de MySQL en muchos sistemas (lo que conlleva a un truncamiento de cadenas que muy largas para una columna de la base de datos) para crear un shell PHP en el directorio de caché de un foro apuntado por medio de un importación XML creada, como es demostrado mediante el truncamiento de aaaaaaaaaaaaaaaaaaaaaaaa.php.css a aaaaaaaaaaaaaaaaaaaaaaaaaa.php con un límite de 30 caracteres, también se conoce como Ejecución de Código Remota (RCE) del nombre de la hoja de estilo (stylesheet name) theme import • https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release https://blog.ripstech.com/2019/mybb-stored-xss-to-rce • CWE-20: Improper Input Validation •